?
Solved

Trying to trace where a suspicious file came from that appeared on my Exchange Server.

Posted on 2002-05-21
3
Medium Priority
?
232 Views
Last Modified: 2013-12-28
I have found a couple suspicious password hacking program files residing in a temp folder on my Exchange Server.  To be exact, I found L0phtcrack & Samdump files, and a few others,  in zip format.  It also looks as though someone tried to install L0phtcrack on the server.  Or they succeded in doing so & then later deleted the program without uninstalling it.  A colleague told me about a utility he once had called "Snoop Plus" (or something like that).  This utility, he said, would be able to tell me, among other things, precisely where these files originated from.  For example, if the files were copied from another PC on the network to the Server's drive, the utility would be able to tell me what PC had copied the files onto the server. Or if they were copied from a CD it would tell me that the originated from another local drive on this Server.  Is there such a utility?? Where can I find it?  The only utility I've found on the web with the name Snoop, appears to be a Sun Solaris utility.  Is there another way to narrow down where these files originated from??  Thank you.

Added Comment:  Thanks for the Suggestion 'CSuvendra'.  Unfortunately it is a FAT partition & I cannot access any ownership properties.
0
Comment
Question by:rvshrader
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Expert Comment

by:ITsheresomewhere
ID: 7025580
listening here....

ITsy
0
 
LVL 2

Accepted Solution

by:
CSuvendra earned 400 total points
ID: 7026099
Just a suggestion. You can always check the Ownership of the zip File from Properties and check who downloaded the file on the Server. Maybe that will give you an insight.
0
 

Expert Comment

by:JW2
ID: 7033128
How about Who's Watching Me at www.trapware.com
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question